New Video from @DEFCONConference Showcases ICS Village Water Treatment Model and CTF Challenge

In this video, Dreadwware takes us to the ICS Village where he meets Matt, who presents a model of a water treatment station. This model is a simplified representation of an actual water treatment plant, featuring three tanks: one for groundwater, one for disinfectant (chlorine), and a third where the two are mixed to produce drinking water. The color of the water in the mixing tank indicates the concentration of chlorine: blue for normal concentration, purple if it is too low, and turquoise if it is too high.

The system is controlled by a Controlino PLC, which manages the pumps and infrared level sensors. These sensors are connected to the PLC via Modbus RTU, a communication protocol commonly used in industrial systems. The PLC is also connected to a human-machine interface (HMI) via a switch, displaying the measured levels, chlorine concentration, and setpoints for the levels in each tank as well as the target chlorine concentration.

As part of the ICS Village's Capture The Flag (CTF) challenge, participants can connect to the local Wi-Fi network and access a web page to attempt to hack the PLC. The goal is to modify the target values to disrupt the system. If participants succeed, the system goes into failure mode, and reloading the web page allows them to obtain a flag, indicating their success in the challenge.

Matt also explains that there is a button on the system, salvaged from a Siemens MRI machine, which is supposed to stop the system. This button adds a unique and fun touch to the model, showcasing the ingenuity and creativity behind the system's design.

This video provides a fascinating glimpse into how industrial control systems can be vulnerable to cyberattacks. It also demonstrates how CTF competitions can be used to educate and raise awareness among participants about security risks in critical infrastructure. By understanding these vulnerabilities, cybersecurity professionals can better prepare to protect real systems against potential attacks.

To learn more and see this demonstration in action, watch the full video at the following address: https://www.youtube.com/watch?v=D_3mUd7shX4